CVE-2023-22355

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:intel:trace_analyzer_and_collector::::::::
	cpe:2.3:a:intel:oneapi_hpc_toolkit::::::::
	cpe:2.3:a:intel:vtune_profiler::::::::
	cpe:2.3:a:intel:integrated_performance_primitives_cryptography::::::::
	cpe:2.3:a:intel:integrated_performance_primitives::::::::
	cpe:2.3:a:intel:inspector::::::oneapi::*
	cpe:2.3:a:intel:implicit_spmd_program_compiler::::::::
	cpe:2.3:a:intel:fortran_compiler::::::::
	cpe:2.3:a:intel:embree_ray_tracing_kernel_library::::::::
	cpe:2.3:a:intel:dpc\+\+_compatibility_tool::::::::
	cpe:2.3:a:intel:distribution_for_python::::::::
	cpe:2.3:a:intel:cpu_runtime::::::opencl::*
	cpe:2.3:a:intel:advisor::::::oneapi::*
	cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installers::::::::
	cpe:2.3:a:intel:oneapi_video_processing_library::::::::
	cpe:2.3:a:intel:oneapi_threading_building_blocks::::::::
	cpe:2.3:a:intel:oneapi_rendering_toolkit::::::::
	cpe:2.3:a:intel:oneapi_math_kernel_library::::::::
	cpe:2.3:a:intel:oneapi_iot_toolkit::::::::
	cpe:2.3:a:intel:oneapi_hpc_toolkit:2023.0.0:::::::*
	cpe:2.3:a:intel:oneapi_dpc\+\+_library::::::::
	cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler::::::::
	cpe:2.3:a:intel:oneapi_deep_neural_network_library::::::::
	cpe:2.3:a:intel:oneapi_data_analytics_library::::::::
	cpe:2.3:a:intel:oneapi_base_toolkit::::::::
	cpe:2.3:a:intel:mpi_library::::::::
	cpe:2.3:a:intel:ospray_studio::::::::
	cpe:2.3:a:intel:ospray::::::::
	cpe:2.3:a:intel:open_volume_kernel_library::::::::
	cpe:2.3:a:intel:open_image_denoise::::::::

History

19 May 2023, 13:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:a:intel:ospray:::::::: cpe:2.3:a:intel:oneapi_data_analytics_library:::::::: cpe:2.3:a:intel:trace_analyzer_and_collector:::::::: cpe:2.3:a:intel:cpu_runtime::::::opencl::* cpe:2.3:a:intel:open_volume_kernel_library:::::::: cpe:2.3:a:intel:oneapi_hpc_toolkit:::::::: cpe:2.3:a:intel:distribution_for_python:::::::: cpe:2.3:a:intel:advisor::::::oneapi::* cpe:2.3:a:intel:dpc\+\+_compatibility_tool:::::::: cpe:2.3:a:intel:oneapi_math_kernel_library:::::::: cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installers:::::::: cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler:::::::: cpe:2.3:a:intel:oneapi_hpc_toolkit:2023.0.0:::::::* cpe:2.3:a:intel:oneapi_iot_toolkit:::::::: cpe:2.3:a:intel:fortran_compiler:::::::: cpe:2.3:a:intel:embree_ray_tracing_kernel_library:::::::: cpe:2.3:a:intel:integrated_performance_primitives:::::::: cpe:2.3:a:intel:vtune_profiler:::::::: cpe:2.3:a:intel:open_image_denoise:::::::: cpe:2.3:a:intel:oneapi_deep_neural_network_library:::::::: cpe:2.3:a:intel:oneapi_base_toolkit:::::::: cpe:2.3:a:intel:oneapi_video_processing_library:::::::: cpe:2.3:a:intel:implicit_spmd_program_compiler:::::::: cpe:2.3:a:intel:oneapi_threading_building_blocks:::::::: cpe:2.3:a:intel:inspector::::::oneapi::* cpe:2.3:a:intel:integrated_performance_primitives_cryptography:::::::: cpe:2.3:a:intel:oneapi_rendering_toolkit:::::::: cpe:2.3:a:intel:oneapi_dpc\+\+_library:::::::: cpe:2.3:a:intel:mpi_library:::::::: cpe:2.3:a:intel:ospray_studio::::::::
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html - Vendor Advisory
First Time		Intel cpu Runtime Intel oneapi Toolkit And Component Software Installers Intel embree Ray Tracing Kernel Library Intel integrated Performance Primitives Cryptography Intel fortran Compiler Intel vtune Profiler Intel ospray Studio Intel oneapi Iot Toolkit Intel oneapi Hpc Toolkit Intel inspector Intel oneapi Video Processing Library Intel mpi Library Intel Intel open Image Denoise Intel oneapi Threading Building Blocks Intel oneapi Deep Neural Network Library Intel oneapi Base Toolkit Intel distribution For Python Intel oneapi Rendering Toolkit Intel ospray Intel oneapi Data Analytics Library Intel implicit Spmd Program Compiler Intel oneapi Math Kernel Library Intel trace Analyzer And Collector Intel dpc\+\+ Compatibility Tool Intel advisor Intel oneapi Dpc\+\+\/c\+\+ Compiler Intel integrated Performance Primitives Intel open Volume Kernel Library Intel oneapi Dpc\+\+ Library
CWE		CWE-427

10 May 2023, 14:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-10 14:15

Updated : 2023-11-07 04:06

NVD link : CVE-2023-22355

Mitre link : CVE-2023-22355

JSON object : View

Products Affected

intel

integrated_performance_primitives
trace_analyzer_and_collector
oneapi_threading_building_blocks
oneapi_dpc\+\+_library
open_image_denoise
open_volume_kernel_library
fortran_compiler
oneapi_base_toolkit
vtune_profiler
oneapi_deep_neural_network_library
embree_ray_tracing_kernel_library
cpu_runtime
mpi_library
distribution_for_python
oneapi_toolkit_and_component_software_installers
inspector
oneapi_iot_toolkit
oneapi_video_processing_library
oneapi_rendering_toolkit
ospray_studio
oneapi_dpc\+\+\/c\+\+_compiler
ospray
oneapi_hpc_toolkit
advisor
oneapi_math_kernel_library
dpc\+\+_compatibility_tool
integrated_performance_primitives_cryptography
oneapi_data_analytics_library
implicit_spmd_program_compiler

CWE

CWE-427

Uncontrolled Search Path Element

7.8 /10